Yap is a HTTP1.1/HTTP2 proxy which forked and refactored from branch vps of Goproxy
First of all, download the latest Yap program from Release page according to your os and arch.
- A domain:
example.org - Certificate for the domain:
example.org.cer - Key of the certificate for the domain:
example.org.key
[default]
reject_nil_sni = false
[[http2]]
listen = ":443"
# server name for http2 proxy
server_name = ["example.org"]
# cert file
cert_file = "example.org.cer"
# key file
key_file = "example.org.key"
[http]
listen = ":8088"./yap yap.tomlCreate a new pac proxy configuration for you browser and setting:
function FindProxyForURL(url, host) {
return "HTTPS example.org:443";
}[http]
listen = "localhost:8088"
upstream_proxy = "https://example.org:443"./yap yap.tomlConfig HTTP Proxy localhost:8088 for you application.
Yap supports multiple format configuration files such as toml, yaml and so on.
TBD
http2 section contains a list for HTTP2 proxy.
-
network - optional
The network must be a stream-oriented network:
"tcp", "tcp4", "tcp6", "unix" or "unixpacket".
Currently, only support
tcp,tcp4,tcp6. -
listen
The syntax of listen is "host:port", e.g. ":443"
-
server_name
The server name for http2 proxy, should be a list, such as
["example.org", "yap.example.org"] -
proxy_fallback - optional
The fallback URL for non-proxy request
-
pem - optional
The pem file location for key pair contains cert and key, if pem is setting, the
cert_fileandkey_filewill be not used. -
cert_file - optional
The certificate file location
-
key_file - optional
The key file location
-
upstream_proxy - optional
The upstream proxy URL, used for proxy chain.
-
proxy_auth_method - optional
The proxy authenticate method, currently contains 3 options: "pam", "htpasswd", "build-in".
Leave it blank for disable proxy authenticate
-
proxy_auth_htpasswd_path - optional
The htpasswd file location.
Only used when
proxy_auth_methodis set tohtpasswd. -
proxy_auth_buildin_credential - optional
The build-in authentication credential. Only used when
proxy_auth_methodis set tobuild-in.
-
network - optional
The network must be a stream-oriented network:
"tcp", "tcp4", "tcp6", "unix" or "unixpacket".
Currently, only support
tcp,tcp4,tcp6. -
listen
The syntax of listen is "host:port", e.g. ":443"
-
upstream_proxy - optional
The upstream proxy URL, used for proxy chain.
-
proxy_auth_method - optional
The proxy authenticate method, currently contains 3 options: "pam", "htpasswd", "build-in".
Leave it blank for disable proxy authenticate
Please reference Authentication section.
-
proxy_auth_htpasswd_path - optional
The htpasswd file location.
Only used when
proxy_auth_methodis set tohtpasswd. -
proxy_auth_buildin_credential - optional
The build-in authentication credential. Only used when
proxy_auth_methodis set tobuild-in.
Yap supports two auth methods.
Set proxy_auth_method to build-in.
Set proxy_auth_buildin_credential to username:password.
Set proxy_auth_method to htpasswd.
Set proxy_auth_htpasswd_path to htpasswd file path.
Configuration:
# ...
proxy_auth_method = "htpasswd"
proxy_auth_htpasswd_path = "/path/to/htpasswd"
# ...Generate htpasswd:
htpasswd -bc /path/to/htpasswd username passwdInstall python for PAM authentication.
Set proxy_auth_method to pam.
Quick start:
docker run -d \
-v /path/to/yap.toml:/yap.toml \
-v /path/to/example.cert:/example.cert \
-v /path/to/example.key:/example.key \
-v /path/to/htpasswd:/htpasswd \
-p 443:443 \
-p 8088:8088 \
yaproxy/yap
You can find more details from Yap in Docker hub.
Contributions are welcome.
Copyright 2013-2017 Yaproxy
This software is licensed under the terms of the Apache License Version 2. See the LICENSE file.